Get VM Image Scan Settings

GET 
/api/v32.04/settings/vm

x-prisma-cloud-target-env: {"permission":"policyHosts","saas":true,"self-hosted":true}
x-public: true

Retrieves the list of VM image scan scopes.

This endpoint maps to the VM images scope table data in the Defend > Vulnerabilities > Hosts > VM images Console UI.

cURL Request

Refer to the following example cURL command that retrieves all the scopes used for pattern matching on VM functions:

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X GET \
  'https://<CONSOLE>/api/v<VERSION>/settings/vm'

Responses

200

application/json

Schema

Schema

• Array [
cap integer

Specifies the maximum number of images to fetch and scan, ordered by most recently modified.

consoleAddr string

Network-accessible address that Defender can use to publish scan results to Console.

credentialID string

ID of the credentials in the credentials store to use for authenticating with the cloud provider.

enableSecureBoot boolean

EnableSecureBoot indicates secure boot should be enabled for the instance launched for scanning (currently only supported with GCP).

excludedImages string (string)[]

Images to exclude from scanning.

gcpProjectID string

GCP project ID to use for listing VM images instead of the default associated with the GCP credential (optional).

imageType common.ImageType (string)

ImageType is the type of a VM image. For example, in the case of Azure this is one of marketplace/managed/gallery.

images string (string)[]

The names of images to scan.

instanceType string

InstanceType is the instance type to use for the instance launched for scanning. For example, the default instance type for AWS is "m4.large".

labels string (string)[]

The labels to use to target images to scan.

region string

Cloud provider region.

scanners integer

Number of Defenders that can be utilized for each scan job.

subnetID string

SubnetID is the network subnet ID to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the VPC.

vpcID string

VPCID is the network VPC ID to use for the instance launched for scanning. Default value is empty string, which represents the default VPC in the region.

zone string

Cloud provider zone (part of a region). On GCP, designates in which zone to deploy the VM scan instance.

• ]

Example (from schema)

[
  {
    "cap": 0,
    "consoleAddr": "string",
    "credentialID": "string",
    "enableSecureBoot": true,
    "excludedImages": [
      "string"
    ],
    "gcpProjectID": "string",
    "imageType": "string",
    "images": [
      "string"
    ],
    "instanceType": "string",
    "labels": [
      "string"
    ],
    "region": "string",
    "scanners": 0,
    "subnetID": "string",
    "vpcID": "string",
    "zone": "string"
  }
]

default

Loading...